Multiple iexplore.exe in task manager (a.k.a. is there an echo in here?)

Solved
By drvodka
Jul 24, 2010
Topic Status:
Not open for further replies.
  1. drvodka

    drvodka Newcomer, in training Topic Starter Posts: 62

    OK - have not run OTL yet - wasn't quite sure if you wanted to see the Process Explorer results first...

    OK to run it?

    thanks for helping - you rock.

    Attached Files:

  2. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Hold on, I'm looking at your last log.
  3. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    It looks like your computer doesn't like Comodo for some reason.
    Comodo is consuming a good chunk of your CPU cycles.
    Why don't we experiment a little...

    Uninstall Comodo, turn Windows firewall on, restart computer and run OTL.
  4. drvodka

    drvodka Newcomer, in training Topic Starter Posts: 62

    quick question: OTL opens as 'Security Tool - protect your PC'?

    If so, it ran a scan automatically when I double clicked it, and now it is saying it has found 25 trojans/spyware etc. I do not see any place to enter the red text that you posted.
  5. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Stop! I'm not sure what you're running....
    OTL from my post #23. It downloads OTL.exe
  6. drvodka

    drvodka Newcomer, in training Topic Starter Posts: 62

    *sigh*

    I think it's more malware/trojan - I have not done ANYTHING, don't worry. I downloaded OTL from your link directly.

    now when I try to open chrome, it says that it is infected and my credit card details are being sent bla bla bla (other rubbish).

    I cannot even open task manager now. there are two system tray icons now (new - never there before) and when I scroll over them, they say '522757373'.

    doesn't seem as though I can open anything...writing this on my other half's machine now....


    seems there is a Security Tools virus?
  7. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    It looks like you got reinfected somehow.
    See if you can update and run Malwarebytes.
  8. drvodka

    drvodka Newcomer, in training Topic Starter Posts: 62

    update: I didn't touch a thing on my machine - was typing on here, and I got a BSOD, which says that 'a problem appears to be caused by a file with something like sysprcmd.sys' (went off too quickly to get the full file name). computer logged off and restarted. what should I do? thanks!
  9. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Did you read my previous reply?
  10. drvodka

    drvodka Newcomer, in training Topic Starter Posts: 62

    yes, just making sure it is safe to log in to normal mode first, rather than safe mode? don't want to go making things worse :)

    so I can log in normally and try to run malwarebytes? thanks again, sorry this is becoming more of a pain for you.
  11. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Don't worry about me. You're doing fine.
    Start in normal mode and if MBAM gives you any issues, run rKill first (you still should have it on your desktop).
     
  12. drvodka

    drvodka Newcomer, in training Topic Starter Posts: 62

    can't run either MBAM or rKill - the 'Security Tool' pops up to say those files are infected and the worm is trying to send my credit card details. can't open task manager or anything....
  13. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Restart in Safe mode.
    Run rKill first, then exehelper (you still have it) and then MBAM.
  14. drvodka

    drvodka Newcomer, in training Topic Starter Posts: 62

    ok - thanks (again and again).

    MBAM is running now - one infection found so far...it may take a while at the rate it's going, so I may just leave it to run through the night and post the results tomorrow.

    do you ever sleep? :)
  15. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    I sleep....LOL

    I'll check on you tomorrow.
    I'm not 100% sure, but there may be something wrong with that OTL file.
    Don't touch it for now.
  16. Broni

    Broni Malware Annihilator Posts: 46,169   +251

  17. drvodka

    drvodka Newcomer, in training Topic Starter Posts: 62

    ha! my luck gets better and better :)

    ran MBAM in safe mode and it found two trojans, which were removed (log attached). when I restarted in normal mode, Security Tool was still on there though. what next? (edit: I am set up in safe mode right now, awaiting your guidance)

    Attached Files:

  18. drvodka

    drvodka Newcomer, in training Topic Starter Posts: 62

    sorry for the bump - but just FYI for Broni - I am running an Avira scan in Safe Mode - which will likely run through the night (very slow!)...so if we can touch base tomorrow instead, it might be best :)

    thanks again for all of your help!
     
  19. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Luckily, there was only one other person on this board affected by the same hacked download.
    The issue was fixed last night already, so all is safe by now.

    What's your situation right now?
    I'm home only for a short period of time and I'll be gone for a couple of hours, so let me know what your situation is.
  20. drvodka

    drvodka Newcomer, in training Topic Starter Posts: 62

    The scan has been running for 6.5 hrs and is only 60% done - so it'll probably only be done in another 6 hrs or so (middle of the night for me). I'll post the Avira scan result as soon as I have it tomorrow morning.

    Thanks!
  21. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    No problem. I have a day off tomorrow, so I'll be around in the morning :)
  22. drvodka

    drvodka Newcomer, in training Topic Starter Posts: 62

    sadly I did not have a chance to get on here all day and the scan only finished at lunchtime anyway :)

    attached - Avira didn't find anything. Odd?

    Attached Files:

  23. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    That's good news :)

    Now, I want you to do a couple of things...

    1. Did you?
    2. Restart in normal mode, check for iexplore.exe presence, update MBAM, run "Quick scan" and post the log.

    3. The OTL issue was solved that very same night, so it's safe now...

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:

    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
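    Step 2 above asks the poster to check for iexplore.exe in Task Manager. The script below is an added example, not part of this thread or of OTL, showing how a helper could check the same thing from PowerShell with more context than the process count: where each iexplore.exe image lives and which process started it. It assumes a Windows machine where CIM is available and that legitimate Internet Explorer lives in the two standard Program Files folders.

```powershell
# Added example (not from the thread): list running iexplore.exe instances and flag
# ones that do not look like a normal Internet Explorer launch.
# Assumption: genuine IE is installed in one of the two standard Program Files paths.
$expectedDirs = @(
    "$env:ProgramFiles\Internet Explorer",
    "${env:ProgramFiles(x86)}\Internet Explorer"
) | Where-Object { $_ -notmatch '^\\' } | ForEach-Object { $_.ToLower() }

$all = Get-CimInstance Win32_Process
$ie  = $all | Where-Object { $_.Name -ieq 'iexplore.exe' }

if (-not $ie) { "No iexplore.exe processes running."; return }

foreach ($p in $ie) {
    # Resolve the parent so we can see what launched this instance.
    $parent = $all | Where-Object { $_.ProcessId -eq $p.ParentProcessId } | Select-Object -First 1
    $dir = if ($p.ExecutablePath) { [IO.Path]::GetDirectoryName($p.ExecutablePath).ToLower() } else { '' }

    $flags = @()
    if (-not $dir) {
        # No image path usually means access was denied or the path is being hidden.
        $flags += 'no image path reported'
    } elseif ($expectedDirs -notcontains $dir) {
        $flags += "unexpected location: $dir"
    }
    if (-not $parent) {
        $flags += "parent PID $($p.ParentProcessId) no longer exists"
    } elseif ($parent.Name -notin @('explorer.exe', 'iexplore.exe')) {
        # IE tabs are children of the IE frame; a user launch comes from explorer.exe.
        $flags += "parent is $($parent.Name) (PID $($parent.ProcessId))"
    }

    [pscustomobject]@{
        PID        = $p.ProcessId
        Parent     = if ($parent) { "$($parent.Name):$($parent.ProcessId)" } else { "$($p.ParentProcessId) (gone)" }
        Path       = $p.ExecutablePath
        Suspicious = ($flags.Count -gt 0)
        Reason     = ($flags -join '; ')
    }
}
```

    Several iexplore.exe entries are normal on IE8, which runs each tab in its own process, so the image path and the parent process tell you more than the count does; anything flagged here is a candidate for the OTL log rather than proof of infection on its own.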
  24. drvodka

    drvodka Newcomer, in training Topic Starter Posts: 62

    I really appreciate your help on this - and realize that it is not your issue that my computer is infected, but maybe I am not communicating properly here:

    My computer is still infected with the Security Tool virus (I just restarted in Normal Mode and it is doing the same thing).

    Just to remind you, here is what happened after you told me to uninstall Comodo, reactivate Windows Firewall and install the OTL file:

    1. I uninstalled Comodo
    2. I went to activate Windows Firewall but it was already activated (weird - but maybe that's why it was consuming so many cycles?), and restarted my computer
    3. I downloaded the (infected) OTL file to my desktop
    4. I opened OTL so that I could paste the red text into the Custom Scans box, it opened the Security Tool virus instead
    5. I posted on here and you let me know that it was an infected file
    6. I restarted in Safe Mode and ran an MBAM scan that took all night (two trojans found and quarantined - log posted)
    7. I ran a full Avira scan which took 18 hrs and it found nothing
    8. I restarted in Normal Mode and the Security Tool virus is still alive and kicking.

    Thanks again.
  25. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    OK. First of all, make sure that the old OTL (26KB) file is gone.

    Then, I wanted you to update and run Malwarebytes in normal mode. Will it run?

    Now, before we run the new OTL, let's re-run Combofix. If it won't run in normal mode, run it in safe mode.